{"id":"https://openalex.org/W4415746251","doi":"https://doi.org/10.1109/icsme64153.2025.00011","title":"Evaluating the Maintainability of Forward-Porting Vulnerabilities in Fuzzer Benchmarks","display_name":"Evaluating the Maintainability of Forward-Porting Vulnerabilities in Fuzzer Benchmarks","publication_year":2025,"publication_date":"2025-09-07","ids":{"openalex":"https://openalex.org/W4415746251","doi":"https://doi.org/10.1109/icsme64153.2025.00011"},"language":null,"primary_location":{"id":"doi:10.1109/icsme64153.2025.00011","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00011","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006466540","display_name":"Timoth\u00e9e Riom","orcid":"https://orcid.org/0000-0001-7486-0538"},"institutions":[{"id":"https://openalex.org/I90267481","display_name":"Ume\u00e5 University","ror":"https://ror.org/05kb8h459","country_code":"SE","type":"education","lineage":["https://openalex.org/I90267481"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Timoth\u00e9e Riom","raw_affiliation_strings":["Umeå Universitet,Umeå,Sweden"],"affiliations":[{"raw_affiliation_string":"Umeå Universitet,Umeå,Sweden","institution_ids":["https://openalex.org/I90267481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091965804","display_name":"Sabine Houy","orcid":"https://orcid.org/0000-0002-7679-0796"},"institutions":[{"id":"https://openalex.org/I90267481","display_name":"Ume\u00e5 University","ror":"https://ror.org/05kb8h459","country_code":"SE","type":"education","lineage":["https://openalex.org/I90267481"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Sabine Houy","raw_affiliation_strings":["Umeå Universitet,Umeå,Sweden"],"affiliations":[{"raw_affiliation_string":"Umeå Universitet,Umeå,Sweden","institution_ids":["https://openalex.org/I90267481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5099127829","display_name":"Bruno Kreyssig","orcid":"https://orcid.org/0009-0004-2456-895X"},"institutions":[{"id":"https://openalex.org/I90267481","display_name":"Ume\u00e5 University","ror":"https://ror.org/05kb8h459","country_code":"SE","type":"education","lineage":["https://openalex.org/I90267481"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Bruno Kreyssig","raw_affiliation_strings":["Umeå Universitet,Umeå,Sweden"],"affiliations":[{"raw_affiliation_string":"Umeå Universitet,Umeå,Sweden","institution_ids":["https://openalex.org/I90267481"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019300625","display_name":"Alexandre Bartel","orcid":"https://orcid.org/0000-0003-1383-0372"},"institutions":[{"id":"https://openalex.org/I90267481","display_name":"Ume\u00e5 University","ror":"https://ror.org/05kb8h459","country_code":"SE","type":"education","lineage":["https://openalex.org/I90267481"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Alexandre Bartel","raw_affiliation_strings":["Umeå Universitet,Umeå,Sweden"],"affiliations":[{"raw_affiliation_string":"Umeå Universitet,Umeå,Sweden","institution_ids":["https://openalex.org/I90267481"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5006466540"],"corresponding_institution_ids":["https://openalex.org/I90267481"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.34701959,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.714900016784668,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.714900016784668,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.061400000005960464,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.04820000007748604,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9767000079154968},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.730400025844574},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.6805999875068665},{"id":"https://openalex.org/keywords/maintainability","display_name":"Maintainability","score":0.579800009727478},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5662000179290771},{"id":"https://openalex.org/keywords/software-portability","display_name":"Software portability","score":0.5591999888420105},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5365999937057495},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5230000019073486},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5227000117301941}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9767000079154968},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7760000228881836},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.730400025844574},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.6805999875068665},{"id":"https://openalex.org/C160713754","wikidata":"https://www.wikidata.org/wiki/Q1389965","display_name":"Maintainability","level":2,"score":0.579800009727478},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5662000179290771},{"id":"https://openalex.org/C63000827","wikidata":"https://www.wikidata.org/wiki/Q3080428","display_name":"Software portability","level":2,"score":0.5591999888420105},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5365999937057495},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5230000019073486},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5227000117301941},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4912000000476837},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.4580000042915344},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.45559999346733093},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.44699999690055847},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.3752000033855438},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.3483000099658966},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.34220001101493835},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3379000127315521},{"id":"https://openalex.org/C180591934","wikidata":"https://www.wikidata.org/wiki/Q1253369","display_name":"Downtime","level":2,"score":0.33719998598098755},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32089999318122864},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3100000023841858},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.30379998683929443},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C82214349","wikidata":"https://www.wikidata.org/wiki/Q657339","display_name":"Software metric","level":5,"score":0.27549999952316284},{"id":"https://openalex.org/C2984328558","wikidata":"https://www.wikidata.org/wiki/Q188522","display_name":"Software testing","level":3,"score":0.274399995803833},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2529999911785126}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icsme64153.2025.00011","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icsme64153.2025.00011","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Software Maintenance and Evolution (ICSME)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1506513518","https://openalex.org/W2002934700","https://openalex.org/W2015933956","https://openalex.org/W2025411198","https://openalex.org/W2114124859","https://openalex.org/W2150098915","https://openalex.org/W2515236103","https://openalex.org/W2560041978","https://openalex.org/W2584230735","https://openalex.org/W2765944901","https://openalex.org/W2806746626","https://openalex.org/W2954978134","https://openalex.org/W2961870034","https://openalex.org/W2962200727","https://openalex.org/W2964241064","https://openalex.org/W3146215426","https://openalex.org/W3194771370","https://openalex.org/W3203052926","https://openalex.org/W4226253272","https://openalex.org/W4242126179","https://openalex.org/W4247747396","https://openalex.org/W4281652590","https://openalex.org/W4328028304"],"related_works":[],"abstract_inverted_index":{"Fuzzing":[0],"is":[1,36],"a":[2,90,154,222],"well-established":[3],"technique":[4],"for":[5,141,189,218],"detecting":[6],"bugs":[7,43],"and":[8,15,23,125,173,201],"vulnerabilities.":[9],"With":[10],"the":[11,26,54,71,77,86,101,109,115,128,131,137,144,160,167,170,179,187,203,216],"surge":[12],"of":[13,56,79,117,143,191],"fuzzers":[14],"fuzzer":[16],"platforms":[17],"being":[18],"developed":[19],"such":[20],"as":[21],"AFL":[22],"OSSFuzz":[24],"rises":[25],"necessity":[27],"to":[28,58,89,178,185],"benchmark":[29],"these":[30,192],"tools'":[31],"performance.":[32],"A":[33],"common":[34],"problem":[35],"that":[37],"vulnerability":[38],"benchmarks":[39],"are":[40,69],"based":[41],"on":[42,76,198],"in":[44,62,130,147,159,176,210],"old":[45],"software":[46,64,92,133],"releases.":[47,65],"For":[48],"this":[49,80,211],"very":[50],"reason,":[51],"Magma":[52],"introduced":[53],"notion":[55],"forward-porting":[57,112,156,171],"reintroduce":[59],"vulnerable":[60,87,102],"code":[61,88,103],"current":[63,132],"While":[66,182],"their":[67],"results":[68],"promising,":[70],"state-of-the-art":[72],"lacks":[73],"an":[74,196],"update":[75,197],"maintainability":[78],"approach":[81],"over":[82],"time.":[83],"Indeed,":[84],"adding":[85],"recent":[91],"version":[93],"might":[94],"either":[95],"break":[96],"its":[97,123],"functionality":[98],"or":[99],"make":[100],"no":[104],"longer":[105],"reachable.":[106],"We":[107,135,150],"characterise":[108],"challenges":[110,204],"with":[111,209],"by":[113],"reassessing":[114],"portability":[116],"Magma's":[118],"CVEs":[119,146],"four":[120],"years":[121],"after":[122],"release":[124],"manually":[126],"reintroducing":[127],"vulnerabilities":[129],"versions.":[134],"find":[136],"straightforward":[138],"process":[139,157,172,188],"efficient":[140],"17":[142],"32":[145],"our":[148],"study.":[149],"further":[151],"investigate":[152],"why":[153],"trivial":[155],"fails":[158],"15":[161,200],"other":[162],"CVEs.":[163],"This":[164],"involves":[165],"identifying":[166],"commits":[168],"breaking":[169],"reverting":[174],"them":[175],"addition":[177],"bug":[180],"fix.":[181],"we":[183,194,205,214],"manage":[184],"complete":[186],"nine":[190],"CVEs,":[193],"provide":[195],"all":[199],"explain":[202],"have":[206],"been":[207],"confronted":[208],"process.":[212],"Thereby,":[213],"give":[215],"basis":[217],"future":[219],"work":[220],"towards":[221],"sustainable":[223],"forward-ported":[224],"fuzzing":[225],"benchmark.":[226]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-31T00:00:00"}